On Tue, Oct 25, 2011 at 10:18 AM, Kacper Kowalik <xarthis...@gentoo.org> wrote:
> 2) What's wrong with current approach i.e. having separate hardened profile?

I don't really see the hardened profile and some hardening by default as being redundant. When I think about the hardened profile I think high security at the cost of software compatibility. If you're running a virtual webhosting company you probably don't care that mplayer doesn't work on your virtual hosts but you do care that some zero-day exploit could let somebody escape from their sandbox.

The default configuration should aim for a reasonable balance of security and convenience. We still fix or mask known security issues, and we still do stuff like not shipping lots of stuff listening on ports by default. If adding something to CFLAGS makes systems more secure with minimal compatibility or performance problems, then there is no reason not to do it.

And "Debian is doing it" or whatever isn't actually a bad reason to consider this. When Debian does something by default, it means that upstream packages will take notice. In fact, you could even see something that today would be strange like having upstream mark a bug report invalid because you DIDN'T have stack protection enabled or whatever. Doing things that are dumb just because others are doing it isn't a good thing, but just being different for the sake of being different isn't either.

Rich